package io.netty.handler.ssl;

import io.netty.bootstrap.Bootstrap;
import io.netty.bootstrap.ServerBootstrap;
import io.netty.buffer.ByteBufAllocator;
import io.netty.buffer.Unpooled;
import io.netty.buffer.UnpooledByteBufAllocator;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.DefaultEventLoopGroup;
import io.netty.channel.EventLoopGroup;
import io.netty.channel.SimpleChannelInboundHandler;
import io.netty.channel.local.LocalAddress;
import io.netty.channel.local.LocalChannel;
import io.netty.channel.local.LocalServerChannel;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import io.netty.util.ReferenceCountUtil;
import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.ImmediateEventExecutor;
import io.netty.util.concurrent.Promise;
import io.netty.util.internal.ThreadLocalRandom;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.concurrent.Executor;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLHandshakeException;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Assumptions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;

/* loaded from: input_file:io/netty/handler/ssl/OpenSslPrivateKeyMethodTest.class */
public class OpenSslPrivateKeyMethodTest {
    private static final String RFC_CIPHER_NAME = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
    private static EventLoopGroup GROUP;
    private static SelfSignedCertificate CERT;
    private static DelayingExecutor EXECUTOR;

    /* loaded from: input_file:io/netty/handler/ssl/OpenSslPrivateKeyMethodTest$DelegateThread.class */
    private static final class DelegateThread extends Thread {
        DelegateThread(Runnable runnable) {
            super(runnable);
        }
    }

    /* loaded from: input_file:io/netty/handler/ssl/OpenSslPrivateKeyMethodTest$OpenSslPrivateKeyMethodAdapter.class */
    private static final class OpenSslPrivateKeyMethodAdapter implements OpenSslAsyncPrivateKeyMethod {
        private final OpenSslPrivateKeyMethod keyMethod;
        private final boolean newThread;

        OpenSslPrivateKeyMethodAdapter(OpenSslPrivateKeyMethod openSslPrivateKeyMethod, boolean z) {
            this.keyMethod = openSslPrivateKeyMethod;
            this.newThread = z;
        }

        public Future<byte[]> sign(final SSLEngine sSLEngine, final int i, final byte[] bArr) {
            final Promise newPromise = ImmediateEventExecutor.INSTANCE.newPromise();
            try {
                if (this.newThread) {
                    new DelegateThread(new Runnable() { // from class: io.netty.handler.ssl.OpenSslPrivateKeyMethodTest.OpenSslPrivateKeyMethodAdapter.1
                        @Override // java.lang.Runnable
                        public void run() {
                            try {
                                Thread.sleep(ThreadLocalRandom.current().nextLong(100L, 500L));
                                newPromise.setSuccess(OpenSslPrivateKeyMethodAdapter.this.keyMethod.sign(sSLEngine, i, bArr));
                            } catch (Throwable th) {
                                newPromise.setFailure(th);
                            }
                        }
                    }).start();
                } else {
                    newPromise.setSuccess(this.keyMethod.sign(sSLEngine, i, bArr));
                }
            } catch (Throwable th) {
                newPromise.setFailure(th);
            }
            return newPromise;
        }

        public Future<byte[]> decrypt(final SSLEngine sSLEngine, final byte[] bArr) {
            final Promise newPromise = ImmediateEventExecutor.INSTANCE.newPromise();
            try {
                if (this.newThread) {
                    new DelegateThread(new Runnable() { // from class: io.netty.handler.ssl.OpenSslPrivateKeyMethodTest.OpenSslPrivateKeyMethodAdapter.2
                        @Override // java.lang.Runnable
                        public void run() {
                            try {
                                Thread.sleep(ThreadLocalRandom.current().nextLong(100L, 500L));
                                newPromise.setSuccess(OpenSslPrivateKeyMethodAdapter.this.keyMethod.decrypt(sSLEngine, bArr));
                            } catch (Throwable th) {
                                newPromise.setFailure(th);
                            }
                        }
                    }).start();
                } else {
                    newPromise.setSuccess(this.keyMethod.decrypt(sSLEngine, bArr));
                }
            } catch (Throwable th) {
                newPromise.setFailure(th);
            }
            return newPromise;
        }
    }

    static Collection<Object[]> parameters() {
        ArrayList arrayList = new ArrayList();
        int i = 0;
        while (i < 2) {
            int i2 = 0;
            while (i2 < 2) {
                int i3 = 0;
                while (i3 < 2) {
                    Object[] objArr = new Object[3];
                    objArr[0] = Boolean.valueOf(i == 0);
                    objArr[1] = Boolean.valueOf(i2 == 0);
                    objArr[2] = Boolean.valueOf(i3 == 0);
                    arrayList.add(objArr);
                    i3++;
                }
                i2++;
            }
            i++;
        }
        return arrayList;
    }

    @BeforeAll
    public static void init() throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        Assumptions.assumeTrue(OpenSsl.isBoringSSL());
        assumeCipherAvailable(SslProvider.OPENSSL);
        assumeCipherAvailable(SslProvider.JDK);
        GROUP = new DefaultEventLoopGroup();
        CERT = new SelfSignedCertificate();
        EXECUTOR = new DelayingExecutor(new ThreadFactory() { // from class: io.netty.handler.ssl.OpenSslPrivateKeyMethodTest.1
            @Override // java.util.concurrent.ThreadFactory
            public Thread newThread(Runnable runnable) {
                return new DelegateThread(runnable);
            }
        });
    }

    @AfterAll
    public static void destroy() {
        if (OpenSsl.isBoringSSL()) {
            GROUP.shutdownGracefully();
            CERT.delete();
            EXECUTOR.shutdown();
        }
    }

    private static void assumeCipherAvailable(SslProvider sslProvider) throws NoSuchAlgorithmException {
        boolean z = false;
        if (sslProvider == SslProvider.JDK) {
            String[] supportedCipherSuites = SSLContext.getDefault().createSSLEngine().getSupportedCipherSuites();
            int length = supportedCipherSuites.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (RFC_CIPHER_NAME.equals(supportedCipherSuites[i])) {
                    z = true;
                    break;
                }
                i++;
            }
        } else {
            z = OpenSsl.isCipherSuiteAvailable(RFC_CIPHER_NAME);
        }
        Assumptions.assumeTrue(z, "Unsupported cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SslHandler newSslHandler(SslContext sslContext, ByteBufAllocator byteBufAllocator, Executor executor) {
        return executor == null ? sslContext.newHandler(byteBufAllocator) : sslContext.newHandler(byteBufAllocator, executor);
    }

    private SslContext buildServerContext(OpenSslPrivateKeyMethod openSslPrivateKeyMethod) throws Exception {
        return SslContextBuilder.forServer(OpenSslX509KeyManagerFactory.newKeyless(new X509Certificate[]{CERT.cert()})).sslProvider(SslProvider.OPENSSL).ciphers(Collections.singletonList(RFC_CIPHER_NAME)).protocols(new String[]{"TLSv1.2"}).option(OpenSslContextOption.PRIVATE_KEY_METHOD, openSslPrivateKeyMethod).build();
    }

    private SslContext buildClientContext() throws Exception {
        return SslContextBuilder.forClient().sslProvider(SslProvider.JDK).ciphers(Collections.singletonList(RFC_CIPHER_NAME)).protocols(new String[]{"TLSv1.2"}).trustManager(InsecureTrustManagerFactory.INSTANCE).build();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Executor delegateExecutor(boolean z) {
        if (z) {
            return EXECUTOR;
        }
        return null;
    }

    private SslContext buildServerContext(OpenSslAsyncPrivateKeyMethod openSslAsyncPrivateKeyMethod) throws Exception {
        return SslContextBuilder.forServer(OpenSslX509KeyManagerFactory.newKeyless(new X509Certificate[]{CERT.cert()})).sslProvider(SslProvider.OPENSSL).ciphers(Collections.singletonList(RFC_CIPHER_NAME)).protocols(new String[]{"TLSv1.2"}).option(OpenSslContextOption.ASYNC_PRIVATE_KEY_METHOD, openSslAsyncPrivateKeyMethod).build();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void assertThread(boolean z) {
        if (z && OpenSslContext.USE_TASKS) {
            Assertions.assertEquals(DelegateThread.class, Thread.currentThread().getClass());
        }
    }

    /* JADX WARN: Finally extract failed */
    @MethodSource({"parameters"})
    @ParameterizedTest(name = "{index}: delegate = {0}, async = {1}, newThread={2}")
    public void testPrivateKeyMethod(final boolean z, boolean z2, boolean z3) throws Exception {
        final AtomicBoolean atomicBoolean = new AtomicBoolean();
        OpenSslPrivateKeyMethod openSslPrivateKeyMethod = new OpenSslPrivateKeyMethod() { // from class: io.netty.handler.ssl.OpenSslPrivateKeyMethodTest.2
            public byte[] sign(SSLEngine sSLEngine, int i, byte[] bArr) throws Exception {
                Signature signature;
                atomicBoolean.set(true);
                OpenSslPrivateKeyMethodTest.assertThread(z);
                Assertions.assertEquals(OpenSslPrivateKeyMethodTest.CERT.cert().getPublicKey(), sSLEngine.getSession().getLocalCertificates()[0].getPublicKey());
                if (i == OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA256) {
                    signature = Signature.getInstance("SHA256withRSA");
                } else {
                    if (i != OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA256) {
                        throw new AssertionError("Unexpected signature algorithm " + i);
                    }
                    signature = Signature.getInstance("RSASSA-PSS");
                    signature.setParameter(new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1));
                }
                signature.initSign(OpenSslPrivateKeyMethodTest.CERT.key());
                signature.update(bArr);
                return signature.sign();
            }

            public byte[] decrypt(SSLEngine sSLEngine, byte[] bArr) {
                throw new UnsupportedOperationException();
            }
        };
        final SslContext buildServerContext = z2 ? buildServerContext(new OpenSslPrivateKeyMethodAdapter(openSslPrivateKeyMethod, z3)) : buildServerContext(openSslPrivateKeyMethod);
        final SslContext buildClientContext = buildClientContext();
        try {
            try {
                final Promise newPromise = GROUP.next().newPromise();
                final Promise newPromise2 = GROUP.next().newPromise();
                Channel server = server(new LocalAddress("test-" + SslProvider.OPENSSL + '-' + SslProvider.JDK + '-' + RFC_CIPHER_NAME + '-' + z), new ChannelInitializer<Channel>() { // from class: io.netty.handler.ssl.OpenSslPrivateKeyMethodTest.3
                    protected void initChannel(Channel channel) {
                        ChannelPipeline pipeline = channel.pipeline();
                        pipeline.addLast(new ChannelHandler[]{OpenSslPrivateKeyMethodTest.newSslHandler(buildServerContext, channel.alloc(), OpenSslPrivateKeyMethodTest.delegateExecutor(z))});
                        pipeline.addLast(new ChannelHandler[]{new SimpleChannelInboundHandler<Object>() { // from class: io.netty.handler.ssl.OpenSslPrivateKeyMethodTest.3.1
                            public void channelInactive(ChannelHandlerContext channelHandlerContext) {
                                newPromise.cancel(true);
                                channelHandlerContext.fireChannelInactive();
                            }

                            public void channelRead0(ChannelHandlerContext channelHandlerContext, Object obj) {
                                if (newPromise.trySuccess((Object) null)) {
                                    channelHandlerContext.writeAndFlush(Unpooled.wrappedBuffer(new byte[]{80, 79, 78, 71}));
                                }
                                channelHandlerContext.close();
                            }

                            public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) {
                                if (newPromise.tryFailure(th)) {
                                    return;
                                }
                                channelHandlerContext.fireExceptionCaught(th);
                            }
                        }});
                    }
                });
                try {
                    Channel client = client(server, new ChannelInitializer<Channel>() { // from class: io.netty.handler.ssl.OpenSslPrivateKeyMethodTest.4
                        protected void initChannel(Channel channel) {
                            ChannelPipeline pipeline = channel.pipeline();
                            pipeline.addLast(new ChannelHandler[]{OpenSslPrivateKeyMethodTest.newSslHandler(buildClientContext, channel.alloc(), OpenSslPrivateKeyMethodTest.delegateExecutor(z))});
                            pipeline.addLast(new ChannelHandler[]{new SimpleChannelInboundHandler<Object>() { // from class: io.netty.handler.ssl.OpenSslPrivateKeyMethodTest.4.1
                                public void channelInactive(ChannelHandlerContext channelHandlerContext) {
                                    newPromise2.cancel(true);
                                    channelHandlerContext.fireChannelInactive();
                                }

                                public void channelRead0(ChannelHandlerContext channelHandlerContext, Object obj) {
                                    newPromise2.trySuccess((Object) null);
                                    channelHandlerContext.close();
                                }

                                public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) {
                                    if (newPromise2.tryFailure(th)) {
                                        return;
                                    }
                                    channelHandlerContext.fireExceptionCaught(th);
                                }
                            }});
                        }
                    });
                    try {
                        client.writeAndFlush(Unpooled.wrappedBuffer(new byte[]{80, 73, 78, 71})).syncUninterruptibly();
                        Assertions.assertTrue(newPromise2.await(5L, TimeUnit.SECONDS), "client timeout");
                        Assertions.assertTrue(newPromise.await(5L, TimeUnit.SECONDS), "server timeout");
                        newPromise2.sync();
                        newPromise.sync();
                        Assertions.assertTrue(atomicBoolean.get());
                        client.close().sync();
                        server.close().sync();
                        ReferenceCountUtil.release(buildClientContext);
                    } catch (Throwable th) {
                        client.close().sync();
                        throw th;
                    }
                } catch (Throwable th2) {
                    server.close().sync();
                    throw th2;
                }
            } catch (Throwable th3) {
                ReferenceCountUtil.release(buildClientContext);
                throw th3;
            }
        } finally {
            ReferenceCountUtil.release(buildServerContext);
        }
    }

    @MethodSource({"parameters"})
    @ParameterizedTest(name = "{index}: delegate = {0}")
    public void testPrivateKeyMethodFailsBecauseOfException(boolean z) throws Exception {
        testPrivateKeyMethodFails(z, false);
    }

    @MethodSource({"parameters"})
    @ParameterizedTest(name = "{index}: delegate = {0}")
    public void testPrivateKeyMethodFailsBecauseOfNull(boolean z) throws Exception {
        testPrivateKeyMethodFails(z, true);
    }

    /* JADX WARN: Finally extract failed */
    private void testPrivateKeyMethodFails(final boolean z, final boolean z2) throws Exception {
        SslContext buildServerContext = buildServerContext(new OpenSslPrivateKeyMethod() { // from class: io.netty.handler.ssl.OpenSslPrivateKeyMethodTest.5
            public byte[] sign(SSLEngine sSLEngine, int i, byte[] bArr) throws Exception {
                OpenSslPrivateKeyMethodTest.assertThread(z);
                if (z2) {
                    return null;
                }
                throw new SignatureException();
            }

            public byte[] decrypt(SSLEngine sSLEngine, byte[] bArr) {
                throw new UnsupportedOperationException();
            }
        });
        SslContext buildClientContext = buildClientContext();
        SslHandler newSslHandler = newSslHandler(buildServerContext, UnpooledByteBufAllocator.DEFAULT, delegateExecutor(z));
        SslHandler newSslHandler2 = newSslHandler(buildClientContext, UnpooledByteBufAllocator.DEFAULT, delegateExecutor(z));
        try {
            try {
                Channel server = server(new LocalAddress("test-" + SslProvider.OPENSSL + '-' + SslProvider.JDK + '-' + RFC_CIPHER_NAME + '-' + z), newSslHandler);
                try {
                    Channel client = client(server, newSslHandler2);
                    try {
                        Throwable cause = newSslHandler2.handshakeFuture().await().cause();
                        Throwable cause2 = newSslHandler.handshakeFuture().await().cause();
                        Assertions.assertNotNull(cause);
                        MatcherAssert.assertThat(cause2, Matchers.instanceOf(SSLHandshakeException.class));
                        client.close().sync();
                        server.close().sync();
                        ReferenceCountUtil.release(buildClientContext);
                    } catch (Throwable th) {
                        client.close().sync();
                        throw th;
                    }
                } catch (Throwable th2) {
                    server.close().sync();
                    throw th2;
                }
            } catch (Throwable th3) {
                ReferenceCountUtil.release(buildClientContext);
                throw th3;
            }
        } finally {
            ReferenceCountUtil.release(buildServerContext);
        }
    }

    private static Channel server(LocalAddress localAddress, ChannelHandler channelHandler) throws Exception {
        return new ServerBootstrap().channel(LocalServerChannel.class).group(GROUP).childHandler(channelHandler).bind(localAddress).sync().channel();
    }

    private static Channel client(Channel channel, ChannelHandler channelHandler) throws Exception {
        return new Bootstrap().channel(LocalChannel.class).group(GROUP).handler(channelHandler).connect(channel.localAddress()).sync().channel();
    }
}
